Windows 7 (?) can't start because %hs is missing


  • This topic is locked
38 replies to this topic

#1 Huutch

Posted 06 January 2017 - 03:03 PM

Started up my computer yesterday and it was stuck on reboot. Disabled automatic restart on failure and got a BSOD which read that %hs is missing message.

I've run the Win7 repair disc several times to no avail. Really don't want to do a clean install. I've read other threads with this issue and they all suggest using FARBAR.

 

Thanks.





#2 JSntgRvr


Posted 06 January 2017 - 03:36 PM

Hi and welcome.

 

Let's give it a try.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.
  • If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste its contents in your reply.

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Huutch


Posted 06 January 2017 - 03:37 PM

Thanks for the quick reply.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
Ran by SYSTEM on MININT-0U6VSE2 (06-01-2017 15:35:09)
Running from F:\
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
Default: ControlSet004
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [WheelMouse] => C:\Program Files\Mouse\Amoumain.exe [196608 1999-12-31] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-21] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-01-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-08-25] (Synaptics Incorporated)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2862928 2014-05-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-05] (Apple Inc.)
HKLM-x32\...\Run: [WRSVC] => "C:\Program Files\Webroot\WRSA.exe" -ul
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1046496 2016-11-11] (DivX, LLC)
HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\ESET <====== ATTENTION
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S2 aunhelper; C:\Program Files (x86)\Common Files\aunhelper\aunhelper.exe [81920 2015-09-18] ()
S3 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
S2 hasplms; C:\Windows\system32\hasplms.exe [4630352 2015-05-21] (SafeNet Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-21] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-03-10] (IObit)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-07] ()
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-14] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-01-05] (Electronic Arts)
S2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139536 2010-05-25] ()
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2014-05-20] (Realtek Semiconductor)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2013-10-26] (Realtek Semiconductor.)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-08-25] (Synaptics Incorporated)
S2 TTService; C:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe [3543576 2016-02-16] (TorrentsTime)
S2 Virtual CDAudio Service; C:\Program Files (x86)\Audials\Audials 10\VCDWriter\64\VCDAudioService.exe [179464 2013-10-07] (RapidSolution Software AG)
S4 wwEngineSvc; C:\Program Files (x86)\Webroot\Washer\WasherSvc.exe [618896 2011-04-20] (Webroot Software, Inc.)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-07] (Intel® Corporation)
S3 sppuinotify; %SystemRoot%\system32\sppuinotify.dll [X]
S2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 adgnetworktdi; no ImagePath
S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [69208 2015-05-21] (SafeNet Inc.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [72664 2015-05-21] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [312344 2015-05-21] (SafeNet Inc.)
S0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [65248 2015-04-23] (Advanced Micro Devices, Inc.)
S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus64.sys [29184 2015-05-12] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2015-05-12] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2015-05-12] (LG Electronics Inc.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [51264 2015-07-07] (IVT Corporation.)
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2014-05-20] (Ralink Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2012-12-21] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2012-12-21] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-24] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2012-12-21] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] ()
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [32400 2016-03-04] (ThreatTrack Security)
S2 hardlock; C:\Windows\system32\drivers\hardlock.sys [340336 2015-05-21] (SafeNet Inc.)
S1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44648 2015-06-03] (AnchorFree Inc.)
S1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-07-06] (REALiX™)
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-20] (Intel Corporation)
S3 int0800; C:\Windows\System32\DRIVERS\flashud.sys [51712 2009-03-06] (Intel Corporation)
S3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17136 2009-07-29] (JMicron Technology Corp.)
S3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [224720 2015-08-18] (QFX Software Corporation)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1588608 2010-07-29] (Creative Technology Ltd.)
S3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-28] (LG Electronics Inc.)
S3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-28] (LG Electronics Inc.)
S3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-28] (LG Electronics Inc.)
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [180264 2015-12-24] (Intel Corporation)
S3 mpsdrv; no ImagePath
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
S1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2013-10-07] (Audials AG)
S3 rsvcdwdr; C:\Windows\System32\DRIVERS\rsvcdwdr.sys [45192 2013-10-07] (RapidSolution Software AG)
S0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 1999-12-31] (Realtek Semiconductor Corp.)
S5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [788696 2014-12-05] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [422656 2016-01-06] (Realsil Semiconductor Corporation)
S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [9101016 2015-07-06] (Realtek Semiconductor Corp.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-18] (Scarlet.Crush Productions)
S0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-08-25] (Synaptics Incorporated)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-06-03] (Anchorfree Inc.)
S5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 VGPU; no ImagePath
S3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [10368 2009-09-16] ()
S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-09-17] (OpenLibSys.org)
S0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [139088 2017-01-05] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [66328 2016-09-29] (Webroot)
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S1 ElRawDisk; \??\C:\Windows\system32\drivers\ElRawDsk.sys [X]
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [X]
S0 SR; no ImagePath
S2 srservice; no ImagePath
 
========================== Drivers MD5 =======================
 
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\DRIVERS\usb8023x.sys 70D05EE263568A742D14E1876DF80532
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wdcsam64.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\whfltr2k.sys 2C3E71FF4F6E859AE3833BA206B00614
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys 0C0195C48B6B8582FA6F6373032118DA
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\System32\drivers\WRkrn.sys 39F69B1658C6282B86E21F954521A429
C:\Windows\system32\DRIVERS\wrUrlFlt.sys F5BB6459A1289527434772FE74227BD0
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\xusb21.sys 2EE48CFCE7CA8E0DB4C44C7476C0943B
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-05 18:20 - 2017-01-05 18:20 - 00000000 ____D C:\Windows\System32\config\backup
2017-01-05 15:57 - 2017-01-05 16:04 - 00000000 ____D C:\FRST
2017-01-05 08:58 - 2017-01-05 08:58 - 00355736 _____ C:\Windows\ntbtlog.txt
2016-12-16 23:09 - 2016-12-16 23:09 - 00000000 ____D C:\Users\MattyHutch\AppData\Roaming\Hola
2016-12-16 23:09 - 2016-12-16 23:09 - 00000000 ____D C:\Users\MattyHutch\AppData\Local\Chromium
2016-12-16 23:08 - 2016-12-16 23:09 - 00000000 ____D C:\Program Files\Hola
2016-12-16 22:51 - 2016-12-16 22:52 - 00000000 ____D C:\Program Files (x86)\GUMD07D.tmp
2016-12-15 14:02 - 2016-12-15 14:02 - 00180198 _____ C:\Users\MattyHutch\Downloads\vouchers-T8230136.pdf
2016-12-14 05:07 - 2016-12-14 05:07 - 00001757 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-12-14 05:06 - 2016-12-14 05:07 - 00000000 ____D C:\Program Files\iTunes
2016-12-14 05:06 - 2016-12-14 05:06 - 00000000 ____D C:\Program Files\iPod
2016-12-14 04:55 - 2016-12-14 04:55 - 00000000 ____D C:\Users\MattyHutch\AppData\Local\Apple
2016-12-14 01:18 - 2016-12-14 01:18 - 00009011 _____ C:\Users\MattyHutch\Downloads\rgx8401.jpg
2016-12-13 14:06 - 2016-12-13 14:06 - 00185540 _____ C:\Users\MattyHutch\Downloads\Vouchers_T8230136.pdf
2016-12-13 12:38 - 2016-12-13 12:39 - 06552869 _____ C:\Users\MattyHutch\Downloads\VYBZ KARTEL - DRINK UP - DRINK UP RIDDIM - TJRECORDS - 2014.mp3
2016-12-13 12:37 - 2016-12-13 12:39 - 11840225 _____ C:\Users\MattyHutch\Downloads\Bronski Beat - Smalltown Boy (Original Mix) [pleer.net].mp3
2016-12-13 12:36 - 2016-12-13 12:36 - 11074571 _____ C:\Users\MattyHutch\Downloads\The Weeknd - I Feel It Coming (feat. Daft Punk) [pleer.net].mp3
2016-12-13 12:35 - 2016-12-13 12:36 - 06366978 _____ C:\Users\MattyHutch\Downloads\Skid Row - Youth Gone Wild [pleer.net].mp3
2016-12-12 23:09 - 2016-12-12 23:09 - 00026418 _____ C:\Users\MattyHutch\Downloads\BuOP5i8IUAI_VGH.jpg-large
2016-12-12 23:09 - 2016-12-12 23:09 - 00026418 _____ C:\Users\MattyHutch\Downloads\BuOP5i8IUAI_VGH.jpg
2016-12-12 23:01 - 2016-12-14 05:03 - 00000000 ____D C:\ProgramData\Apple
2016-12-12 13:46 - 2016-12-12 13:46 - 00511240 _____ C:\Users\MattyHutch\Downloads\Worth_Fighting_For_(Fighting_to_-_Kirsty_Moseley.epub
2016-12-12 13:13 - 2016-12-12 13:17 - 00000000 ____D C:\Users\MattyHutch\AppData\Local\Daedalic Entertainment GmbH
2016-12-12 13:13 - 2016-12-12 13:13 - 00000000 ____D C:\Users\MattyHutch\AppData\LocalLow\Daedalic Entertainment GmbH
2016-12-12 13:12 - 2016-12-12 13:12 - 00000000 ____D C:\Users\MattyHutch\AppData\Local\kt
2016-12-12 12:04 - 2016-12-12 12:04 - 00003540 _____ C:\Windows\System32\Tasks\PCCleaner-AutoCleanup-Task
2016-12-12 12:03 - 2016-12-08 17:00 - 07046552 _____ ( PC Cleaners ) C:\ProgramData\appclunst.exe
2016-12-12 03:49 - 2016-12-12 03:59 - 00000000 ____D C:\adbLink
2016-12-12 03:49 - 2016-12-12 03:49 - 00000590 _____ C:\Users\Public\Desktop\adbLink.lnk
2016-12-11 09:53 - 2016-12-11 09:53 - 00001167 _____ C:\Users\MattyHutch\Desktop\Kingdom Wars 2 Undead Cometh.lnk
2016-12-11 09:45 - 2016-12-12 13:12 - 00000000 ____D C:\Program Files (x86)\Kingdom Wars 2 Undead Cometh
2016-12-11 04:17 - 2016-12-11 04:17 - 00003674 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2016-12-10 06:56 - 2016-12-10 06:56 - 00176064 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMChameleon.sys
2016-12-10 06:56 - 2016-12-10 06:56 - 00102856 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2016-12-10 06:56 - 2016-12-10 06:56 - 00081696 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2016-12-10 06:56 - 2016-12-10 06:56 - 00043968 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2016-12-10 06:55 - 2017-01-05 00:27 - 00250816 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2016-12-10 06:55 - 2016-12-10 06:55 - 00001879 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-10 06:55 - 2016-12-10 06:55 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-10 06:55 - 2016-11-28 22:27 - 00077408 _____ C:\Windows\System32\Drivers\mbae64.sys
2016-12-08 22:54 - 2016-12-14 00:59 - 00000000 ____D C:\Users\MattyHutch\AppData\Local\AnonymizerLauncher
2016-12-07 04:27 - 2016-12-12 13:22 - 00000000 ____D C:\Program Files (x86)\Daedalic Entertainment GmbH
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-10 06:59 - 2016-03-24 06:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-01-05 01:29 - 2016-04-14 01:58 - 00000000 ____D C:\ProgramData\WRData
2017-01-05 01:22 - 2013-01-19 13:46 - 00000000 ____D C:\Users\MattyHutch\AppData\Roaming\BitTorrent
2017-01-05 01:19 - 2009-07-13 20:45 - 00028976 _____ C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-05 01:19 - 2009-07-13 20:45 - 00028976 _____ C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-05 01:12 - 2015-10-03 01:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-05 01:02 - 2016-04-16 00:02 - 00000520 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task fa01cd1f-367d-43fa-8166-a483dd9b237c.job
2017-01-05 00:41 - 2012-12-22 16:52 - 00000000 ____D C:\Users\MattyHutch\AppData\Roaming\Spotify
2017-01-05 00:30 - 2016-04-14 01:58 - 00184760 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2017-01-05 00:30 - 2016-04-14 01:58 - 00139088 _____ (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2017-01-05 00:30 - 2016-04-14 01:58 - 00118384 _____ (Webroot) C:\Windows\System32\WRusr.dll
2017-01-05 00:27 - 2014-11-17 00:17 - 00000000 ____D C:\Users\MattyHutch\AppData\Local\Spotify
2017-01-05 00:25 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-05 00:24 - 2012-12-21 07:21 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-04 15:02 - 2012-12-27 05:12 - 00000000 ____D C:\Users\MattyHutch\AppData\Roaming\vlc
2017-01-04 04:22 - 2016-10-29 03:34 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-01-04 02:22 - 2016-04-16 00:02 - 00000520 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task bfea8830-4496-4267-ad18-037c515f85d0.job
2017-01-01 01:11 - 2016-06-27 00:07 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-30 10:09 - 2012-12-21 20:11 - 00000000 ____D C:\Windows\Prefetch
2016-12-26 11:53 - 2012-07-21 23:18 - 00000000 ____D C:\Windows\System32\drivers
2016-12-26 02:47 - 2013-06-19 02:11 - 00000000 ____D C:\Program Files (x86)\DivX
2016-12-26 02:47 - 2013-06-19 02:10 - 00000000 ____D C:\ProgramData\DivX
2016-12-26 02:46 - 2016-02-14 12:21 - 00003640 _____ C:\Windows\System32\Tasks\DivXUpdate
2016-12-26 02:46 - 2013-10-05 11:55 - 00000000 ____D C:\Users\MattyHutch\AppData\Roaming\DivX
2016-12-26 02:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Tasks
2016-12-26 02:35 - 2014-12-15 11:40 - 00000000 ____D C:\Users\MattyHutch\AppData\Roaming\MPC-HC
2016-12-26 02:35 - 2013-07-21 02:52 - 00000000 ____D C:\Windows\Minidump
2016-12-26 02:35 - 2013-01-13 08:30 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-26 02:35 - 2012-07-21 21:44 - 00000000 ____D C:\Windows\inf
2016-12-26 02:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Logs
2016-12-24 01:10 - 2012-12-19 22:39 - 00000000 __SHD C:\System Volume Information
2016-12-22 11:37 - 2016-06-27 00:07 - 00003906 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-12-22 11:37 - 2015-10-03 01:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-22 11:37 - 2013-01-21 07:59 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-22 11:37 - 2013-01-21 07:59 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-22 11:37 - 2013-01-21 07:59 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-22 11:37 - 2013-01-21 07:59 - 00000000 ____D C:\Windows\System32\Macromed
2016-12-22 11:36 - 2014-10-30 10:23 - 00000000 ____D C:\Users\MattyHutch\AppData\Local\Adobe
2016-12-16 22:56 - 2014-07-19 08:49 - 00000000 __SHD C:\Config.Msi
2016-12-16 22:56 - 2012-12-21 07:01 - 00000000 __SHD C:\Windows\Installer
2016-12-16 22:51 - 2012-12-21 08:00 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 22:51 - 2012-12-21 08:00 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 22:51 - 2009-07-13 19:20 - 00000000 ___RD C:\Program Files (x86)
2016-12-16 22:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Tasks
2016-12-16 00:27 - 2015-09-28 11:39 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-14 05:06 - 2015-05-09 01:52 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-12-13 14:07 - 2009-07-13 21:13 - 00797874 _____ C:\Windows\System32\PerfStringBackup.INI
2016-12-13 14:07 - 2009-07-13 18:36 - 00672880 _____ C:\Windows\System32\perfh009.dat
2016-12-13 14:07 - 2009-07-13 18:36 - 00127368 _____ C:\Windows\System32\perfc009.dat
2016-12-13 10:03 - 2015-03-21 06:37 - 00000000 ____D C:\Users\MattyHutch\AppData\Roaming\Winamp
2016-12-12 23:06 - 2016-04-29 12:37 - 00000000 ____D C:\ProgramData\PC1Data
2016-12-12 23:01 - 2009-07-13 19:20 - 00000000 ___HD C:\ProgramData
2016-12-12 13:13 - 2012-12-21 06:50 - 00000000 ____D C:\Users\MattyHutch\AppData\LocalLow
2016-12-12 12:29 - 2016-10-16 10:53 - 00000000 ____D C:\Users\MattyHutch\Documents\LogFiles
2016-12-12 12:29 - 2015-11-07 12:15 - 00000000 ____D C:\Users\MattyHutch\Desktop\adbFire
2016-12-12 12:29 - 2015-02-25 13:47 - 00000000 ____D C:\Users\MattyHutch\AppData\Roaming\uTorrent
2016-12-12 12:29 - 2014-12-12 03:00 - 00000000 ____D C:\Users\MattyHutch\Desktop\MWII
2016-12-12 12:29 - 2013-01-19 10:54 - 00000000 ____D C:\Users\MattyHutch\AppData\Local\CrashDumps
2016-12-12 12:29 - 2012-12-21 07:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-12-12 12:23 - 2012-12-21 06:50 - 00000000 ___RD C:\Users\MattyHutch\Documents
2016-12-12 12:10 - 2016-04-29 12:37 - 00000000 ____D C:\ProgramData\PC Cleaner Pro
2016-12-12 03:50 - 2016-03-25 02:47 - 00000000 ____D C:\adbFire
2016-12-11 04:20 - 2015-03-21 06:37 - 00000000 ____D C:\Program Files (x86)\Winamp
2016-12-10 06:55 - 2016-03-24 06:26 - 00000000 ____D C:\ProgramData\Malwarebytes
 
Files to move or delete:
====================
C:\ProgramData\appclunst.exe
C:\ProgramData\pclunst.exe
 
 
Some files in TEMP:
====================
C:\Users\MattyHutch\AppData\Local\Temp\KMS.exe
 
 
==================== Known DLLs (Whitelisted) =========================
 
C:\Windows\System32\user32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\user32.dll IS MISSING <==== ATTENTION
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 11%
Total physical RAM: 8162.36 MB
Available physical RAM: 7258.52 MB
Total Virtual: 8160.51 MB
Available Virtual: 7253.75 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.17 GB) (Free:70.13 GB) NTFS
Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:7.45 GB) (Free:6.89 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.29 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A0B598EC)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
LastRegBack: 2016-10-28 04:38
 
==================== End of FRST.txt ============================


#4 JSntgRvr


Posted 06 January 2017 - 03:50 PM

Open FRST as you did before.

Type the following in the edit box on FRST, after "Search:".

User32.dll

It then should look like:

Search: User32.dll

Click the Search Files button and post the log (Search.txt) it makes on the USB drive in your next reply.
 




#5 Huutch


Posted 06 January 2017 - 04:22 PM

Thanks for the response.

 

Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by SYSTEM (06-01-2017 17:13:57)
Running from F:\
Boot Mode: Recovery
 
================== Search Files: "User32.dll" =============
 
X:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009-07-13 15:38][2009-07-13 17:41] 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6
 
X:\Windows\System32\user32.dll
[2009-07-13 15:38][2009-07-13 17:41] 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6
 
====== End of Search ======


#6 JSntgRvr


Posted 06 January 2017 - 04:36 PM

There is only one file available in the computer, and it is the 64-bit version. The 32-bit version is missing. That could affect us. Let's see what the reaction is if only one of these files is restored.

 

Download the attached file and save it in the same location FRST64 is saved.

  • Start FRST64 as you did before, then
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

 

Restart the computer in Normal Mode and let me know the outcome.

 




#7 Huutch


Posted 06 January 2017 - 04:59 PM

It didn't work I'm afraid, still in the restart loop.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by SYSTEM (06-01-2017 17:52:35) Run:3
Running from F:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
Replace: X:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll  C:\Windows\System32\user32.dll
*****************
 
"C:\Windows\System32\user32.dll" => not found
X:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll  copied successfully to C:\Windows\System32\user32.dll
 
==== End of Fixlog 17:52:35 ====


#8 Huutch


Posted 06 January 2017 - 05:08 PM

Attached File  20170106_215608_HDR.jpg   51.45KB   0 downloads



#9 JSntgRvr


Posted 06 January 2017 - 05:10 PM

Please run FRST64 once again and post the resulting FRST.txt log.




#10 Huutch


Posted 06 January 2017 - 05:18 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
Ran by SYSTEM on MININT-4G5VL4O (06-01-2017 18:16:32)
Running from F:\
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
Default: ControlSet004
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [WheelMouse] => C:\Program Files\Mouse\Amoumain.exe [196608 1999-12-31] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-21] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-01-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-08-25] (Synaptics Incorporated)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2862928 2014-05-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-05] (Apple Inc.)
HKLM-x32\...\Run: [WRSVC] => "C:\Program Files\Webroot\WRSA.exe" -ul
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1046496 2016-11-11] (DivX, LLC)
HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\ESET <====== ATTENTION
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S2 aunhelper; C:\Program Files (x86)\Common Files\aunhelper\aunhelper.exe [81920 2015-09-18] ()
S3 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
S2 hasplms; C:\Windows\system32\hasplms.exe [4630352 2015-05-21] (SafeNet Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-21] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-03-10] (IObit)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-07] ()
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-14] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-01-05] (Electronic Arts)
S2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139536 2010-05-25] ()
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2014-05-20] (Realtek Semiconductor)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2013-10-26] (Realtek Semiconductor.)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-08-25] (Synaptics Incorporated)
S2 TTService; C:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe [3543576 2016-02-16] (TorrentsTime)
S2 Virtual CDAudio Service; C:\Program Files (x86)\Audials\Audials 10\VCDWriter\64\VCDAudioService.exe [179464 2013-10-07] (RapidSolution Software AG)
S4 wwEngineSvc; C:\Program Files (x86)\Webroot\Washer\WasherSvc.exe [618896 2011-04-20] (Webroot Software, Inc.)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-07] (Intel® Corporation)
S3 sppuinotify; %SystemRoot%\system32\sppuinotify.dll [X]
S2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 adgnetworktdi; no ImagePath
S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [69208 2015-05-21] (SafeNet Inc.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [72664 2015-05-21] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [312344 2015-05-21] (SafeNet Inc.)
S0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [65248 2015-04-23] (Advanced Micro Devices, Inc.)
S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus64.sys [29184 2015-05-12] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2015-05-12] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2015-05-12] (LG Electronics Inc.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [51264 2015-07-07] (IVT Corporation.)
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2014-05-20] (Ralink Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2012-12-21] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2012-12-21] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-24] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2012-12-21] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] ()
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [32400 2016-03-04] (ThreatTrack Security)
S2 hardlock; C:\Windows\system32\drivers\hardlock.sys [340336 2015-05-21] (SafeNet Inc.)
S1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44648 2015-06-03] (AnchorFree Inc.)
S1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-07-06] (REALiX™)
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-20] (Intel Corporation)
S3 int0800; C:\Windows\System32\DRIVERS\flashud.sys [51712 2009-03-06] (Intel Corporation)
S3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17136 2009-07-29] (JMicron Technology Corp.)
S3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [224720 2015-08-18] (QFX Software Corporation)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1588608 2010-07-29] (Creative Technology Ltd.)
S3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-28] (LG Electronics Inc.)
S3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-28] (LG Electronics Inc.)
S3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-28] (LG Electronics Inc.)
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [180264 2015-12-24] (Intel Corporation)
S3 mpsdrv; no ImagePath
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
S1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2013-10-07] (Audials AG)
S3 rsvcdwdr; C:\Windows\System32\DRIVERS\rsvcdwdr.sys [45192 2013-10-07] (RapidSolution Software AG)
S0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 1999-12-31] (Realtek Semiconductor Corp.)
S5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [788696 2014-12-05] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [422656 2016-01-06] (Realsil Semiconductor Corporation)
S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [9101016 2015-07-06] (Realtek Semiconductor Corp.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-18] (Scarlet.Crush Productions)
S0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-08-25] (Synaptics Incorporated)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-06-03] (Anchorfree Inc.)
S5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 VGPU; no ImagePath
S3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [10368 2009-09-16] ()
S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-09-17] (OpenLibSys.org)
S0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [139088 2017-01-05] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [66328 2016-09-29] (Webroot)
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S1 ElRawDisk; \??\C:\Windows\system32\drivers\ElRawDsk.sys [X]
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [X]
S0 SR; no ImagePath
S2 srservice; no ImagePath
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-06 17:52 - 2009-07-13 17:41 - 01008640 _____ (Microsoft Corporation) C:\Windows\System32\user32.dll
2017-01-06 16:33 - 2017-01-06 16:33 - 00000000 ____D C:\Users\MattyHutch\New folder (2)
2017-01-06 16:33 - 2017-01-06 16:33 - 00000000 ____D C:\Users\MattyHutch\New folder
2017-01-05 18:20 - 2017-01-05 18:20 - 00000000 ____D C:\Windows\System32\config\backup
2017-01-05 15:57 - 2017-01-06 18:16 - 00000000 ____D C:\FRST
2017-01-05 08:58 - 2017-01-05 08:58 - 00355736 _____ C:\Windows\ntbtlog.txt
2016-12-16 23:09 - 2016-12-16 23:09 - 00000000 ____D C:\Users\MattyHutch\AppData\Roaming\Hola
2016-12-16 23:09 - 2016-12-16 23:09 - 00000000 ____D C:\Users\MattyHutch\AppData\Local\Chromium
2016-12-16 23:08 - 2016-12-16 23:09 - 00000000 ____D C:\Program Files\Hola
2016-12-16 22:51 - 2016-12-16 22:52 - 00000000 ____D C:\Program Files (x86)\GUMD07D.tmp
2016-12-15 14:02 - 2016-12-15 14:02 - 00180198 _____ C:\Users\MattyHutch\Downloads\vouchers-T8230136.pdf
2016-12-14 05:07 - 2016-12-14 05:07 - 00001757 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-12-14 05:06 - 2016-12-14 05:07 - 00000000 ____D C:\Program Files\iTunes
2016-12-14 05:06 - 2016-12-14 05:06 - 00000000 ____D C:\Program Files\iPod
2016-12-14 04:55 - 2016-12-14 04:55 - 00000000 ____D C:\Users\MattyHutch\AppData\Local\Apple
2016-12-14 01:18 - 2016-12-14 01:18 - 00009011 _____ C:\Users\MattyHutch\Downloads\rgx8401.jpg
2016-12-13 14:06 - 2016-12-13 14:06 - 00185540 _____ C:\Users\MattyHutch\Downloads\Vouchers_T8230136.pdf
2016-12-13 12:38 - 2016-12-13 12:39 - 06552869 _____ C:\Users\MattyHutch\Downloads\VYBZ KARTEL - DRINK UP - DRINK UP RIDDIM - TJRECORDS - 2014.mp3
2016-12-13 12:37 - 2016-12-13 12:39 - 11840225 _____ C:\Users\MattyHutch\Downloads\Bronski Beat - Smalltown Boy (Original Mix) [pleer.net].mp3
2016-12-13 12:36 - 2016-12-13 12:36 - 11074571 _____ C:\Users\MattyHutch\Downloads\The Weeknd - I Feel It Coming (feat. Daft Punk) [pleer.net].mp3
2016-12-13 12:35 - 2016-12-13 12:36 - 06366978 _____ C:\Users\MattyHutch\Downloads\Skid Row - Youth Gone Wild [pleer.net].mp3
2016-12-12 23:09 - 2016-12-12 23:09 - 00026418 _____ C:\Users\MattyHutch\Downloads\BuOP5i8IUAI_VGH.jpg-large
2016-12-12 23:09 - 2016-12-12 23:09 - 00026418 _____ C:\Users\MattyHutch\Downloads\BuOP5i8IUAI_VGH.jpg
2016-12-12 23:01 - 2016-12-14 05:03 - 00000000 ____D C:\ProgramData\Apple
2016-12-12 13:46 - 2016-12-12 13:46 - 00511240 _____ C:\Users\MattyHutch\Downloads\Worth_Fighting_For_(Fighting_to_-_Kirsty_Moseley.epub
2016-12-12 13:13 - 2016-12-12 13:17 - 00000000 ____D C:\Users\MattyHutch\AppData\Local\Daedalic Entertainment GmbH
2016-12-12 13:13 - 2016-12-12 13:13 - 00000000 ____D C:\Users\MattyHutch\AppData\LocalLow\Daedalic Entertainment GmbH
2016-12-12 13:12 - 2016-12-12 13:12 - 00000000 ____D C:\Users\MattyHutch\AppData\Local\kt
2016-12-12 12:04 - 2016-12-12 12:04 - 00003540 _____ C:\Windows\System32\Tasks\PCCleaner-AutoCleanup-Task
2016-12-12 12:03 - 2016-12-08 17:00 - 07046552 _____ ( PC Cleaners ) C:\ProgramData\appclunst.exe
2016-12-12 03:49 - 2016-12-12 03:59 - 00000000 ____D C:\adbLink
2016-12-12 03:49 - 2016-12-12 03:49 - 00000590 _____ C:\Users\Public\Desktop\adbLink.lnk
2016-12-11 09:53 - 2016-12-11 09:53 - 00001167 _____ C:\Users\MattyHutch\Desktop\Kingdom Wars 2 Undead Cometh.lnk
2016-12-11 09:45 - 2016-12-12 13:12 - 00000000 ____D C:\Program Files (x86)\Kingdom Wars 2 Undead Cometh
2016-12-11 04:17 - 2016-12-11 04:17 - 00003674 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2016-12-10 06:56 - 2016-12-10 06:56 - 00176064 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMChameleon.sys
2016-12-10 06:56 - 2016-12-10 06:56 - 00102856 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2016-12-10 06:56 - 2016-12-10 06:56 - 00081696 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2016-12-10 06:56 - 2016-12-10 06:56 - 00043968 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2016-12-10 06:55 - 2017-01-05 00:27 - 00250816 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2016-12-10 06:55 - 2016-12-10 06:55 - 00001879 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-10 06:55 - 2016-12-10 06:55 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-10 06:55 - 2016-11-28 22:27 - 00077408 _____ C:\Windows\System32\Drivers\mbae64.sys
2016-12-08 22:54 - 2016-12-14 00:59 - 00000000 ____D C:\Users\MattyHutch\AppData\Local\AnonymizerLauncher
2016-12-07 04:27 - 2016-12-12 13:22 - 00000000 ____D C:\Program Files (x86)\Daedalic Entertainment GmbH
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-10 06:59 - 2016-03-24 06:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-01-06 16:33 - 2012-12-21 06:50 - 00000000 ____D C:\users\MattyHutch
2017-01-05 01:29 - 2016-04-14 01:58 - 00000000 ____D C:\ProgramData\WRData
2017-01-05 01:22 - 2013-01-19 13:46 - 00000000 ____D C:\Users\MattyHutch\AppData\Roaming\BitTorrent
2017-01-05 01:19 - 2009-07-13 20:45 - 00028976 _____ C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-05 01:19 - 2009-07-13 20:45 - 00028976 _____ C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-05 01:12 - 2015-10-03 01:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-05 01:02 - 2016-04-16 00:02 - 00000520 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task fa01cd1f-367d-43fa-8166-a483dd9b237c.job
2017-01-05 00:41 - 2012-12-22 16:52 - 00000000 ____D C:\Users\MattyHutch\AppData\Roaming\Spotify
2017-01-05 00:30 - 2016-04-14 01:58 - 00184760 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2017-01-05 00:30 - 2016-04-14 01:58 - 00139088 _____ (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2017-01-05 00:30 - 2016-04-14 01:58 - 00118384 _____ (Webroot) C:\Windows\System32\WRusr.dll
2017-01-05 00:27 - 2014-11-17 00:17 - 00000000 ____D C:\Users\MattyHutch\AppData\Local\Spotify
2017-01-05 00:25 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-05 00:24 - 2012-12-21 07:21 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-04 15:02 - 2012-12-27 05:12 - 00000000 ____D C:\Users\MattyHutch\AppData\Roaming\vlc
2017-01-04 04:22 - 2016-10-29 03:34 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-01-04 02:22 - 2016-04-16 00:02 - 00000520 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task bfea8830-4496-4267-ad18-037c515f85d0.job
2017-01-01 01:11 - 2016-06-27 00:07 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-30 10:09 - 2012-12-21 20:11 - 00000000 ____D C:\Windows\Prefetch
2016-12-26 11:53 - 2012-07-21 23:18 - 00000000 ____D C:\Windows\System32\drivers
2016-12-26 02:47 - 2013-06-19 02:11 - 00000000 ____D C:\Program Files (x86)\DivX
2016-12-26 02:47 - 2013-06-19 02:10 - 00000000 ____D C:\ProgramData\DivX
2016-12-26 02:46 - 2016-02-14 12:21 - 00003640 _____ C:\Windows\System32\Tasks\DivXUpdate
2016-12-26 02:46 - 2013-10-05 11:55 - 00000000 ____D C:\Users\MattyHutch\AppData\Roaming\DivX
2016-12-26 02:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Tasks
2016-12-26 02:35 - 2014-12-15 11:40 - 00000000 ____D C:\Users\MattyHutch\AppData\Roaming\MPC-HC
2016-12-26 02:35 - 2013-07-21 02:52 - 00000000 ____D C:\Windows\Minidump
2016-12-26 02:35 - 2013-01-13 08:30 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-26 02:35 - 2012-07-21 21:44 - 00000000 ____D C:\Windows\inf
2016-12-26 02:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Logs
2016-12-24 01:10 - 2012-12-19 22:39 - 00000000 __SHD C:\System Volume Information
2016-12-22 11:37 - 2016-06-27 00:07 - 00003906 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-12-22 11:37 - 2015-10-03 01:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-22 11:37 - 2013-01-21 07:59 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-22 11:37 - 2013-01-21 07:59 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-22 11:37 - 2013-01-21 07:59 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-22 11:37 - 2013-01-21 07:59 - 00000000 ____D C:\Windows\System32\Macromed
2016-12-22 11:36 - 2014-10-30 10:23 - 00000000 ____D C:\Users\MattyHutch\AppData\Local\Adobe
2016-12-16 22:56 - 2014-07-19 08:49 - 00000000 __SHD C:\Config.Msi
2016-12-16 22:56 - 2012-12-21 07:01 - 00000000 __SHD C:\Windows\Installer
2016-12-16 22:51 - 2012-12-21 08:00 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 22:51 - 2012-12-21 08:00 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 22:51 - 2009-07-13 19:20 - 00000000 ___RD C:\Program Files (x86)
2016-12-16 22:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Tasks
2016-12-16 00:27 - 2015-09-28 11:39 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-14 05:06 - 2015-05-09 01:52 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-12-13 14:07 - 2009-07-13 21:13 - 00797874 _____ C:\Windows\System32\PerfStringBackup.INI
2016-12-13 14:07 - 2009-07-13 18:36 - 00672880 _____ C:\Windows\System32\perfh009.dat
2016-12-13 14:07 - 2009-07-13 18:36 - 00127368 _____ C:\Windows\System32\perfc009.dat
2016-12-13 10:03 - 2015-03-21 06:37 - 00000000 ____D C:\Users\MattyHutch\AppData\Roaming\Winamp
2016-12-12 23:06 - 2016-04-29 12:37 - 00000000 ____D C:\ProgramData\PC1Data
2016-12-12 23:01 - 2009-07-13 19:20 - 00000000 ___HD C:\ProgramData
2016-12-12 13:13 - 2012-12-21 06:50 - 00000000 ____D C:\Users\MattyHutch\AppData\LocalLow
2016-12-12 12:29 - 2016-10-16 11:09 - 00000000 ____D C:\Users\MattyHutch\Documents\Jihosoft iPhone Data Recovery
2016-12-12 12:29 - 2016-10-16 10:53 - 00000000 ____D C:\Users\MattyHutch\Documents\LogFiles
2016-12-12 12:29 - 2015-11-07 12:15 - 00000000 ____D C:\Users\MattyHutch\Desktop\adbFire
2016-12-12 12:29 - 2015-02-25 13:47 - 00000000 ____D C:\Users\MattyHutch\AppData\Roaming\uTorrent
2016-12-12 12:29 - 2014-12-12 03:00 - 00000000 ____D C:\Users\MattyHutch\Desktop\MWII
2016-12-12 12:29 - 2013-01-19 10:54 - 00000000 ____D C:\Users\MattyHutch\AppData\Local\CrashDumps
2016-12-12 12:29 - 2012-12-21 07:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-12-12 12:23 - 2012-12-21 06:50 - 00000000 ___RD C:\Users\MattyHutch\Documents
2016-12-12 12:10 - 2016-04-29 12:37 - 00000000 ____D C:\ProgramData\PC Cleaner Pro
2016-12-12 03:50 - 2016-03-25 02:47 - 00000000 ____D C:\adbFire
2016-12-11 04:20 - 2015-03-21 06:37 - 00000000 ____D C:\Program Files (x86)\Winamp
2016-12-10 06:55 - 2016-03-24 06:26 - 00000000 ____D C:\ProgramData\Malwarebytes
 
Files to move or delete:
====================
C:\ProgramData\appclunst.exe
C:\ProgramData\pclunst.exe
 
 
Some files in TEMP:
====================
C:\Users\MattyHutch\AppData\Local\Temp\KMS.exe
 
 
==================== Known DLLs (Whitelisted) =========================
 
C:\Windows\SysWOW64\user32.dll IS MISSING <==== ATTENTION
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 11%
Total physical RAM: 8162.36 MB
Available physical RAM: 7255.59 MB
Total Virtual: 8160.51 MB
Available Virtual: 7251 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.17 GB) (Free:70.12 GB) NTFS
Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:7.45 GB) (Free:6.89 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.29 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A0B598EC)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
LastRegBack: 2016-10-28 04:38
 
==================== End of FRST.txt ============================


#11 JSntgRvr


Posted 06 January 2017 - 05:45 PM

I would like to check how the partitions are arranged. Let's run the following program in the Recovery Environment.

 

Please download Listparts to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the affected PC.

From an Off position in the computer (The computer must be Off to start with, else it will pick up FRST disk arrangement), enter the System Recovery Options.

To enter the System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:



Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\ListParts.exe (for x64 bit version type e:\ListParts64.exe) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Put a check mark on List BCD.
  • Press Scan button.
  • It will make a log (Result.txt) in the flash drive. Please copy and paste it in your reply.

 




#12 Huutch


Posted 06 January 2017 - 05:52 PM

ListParts by Farbar Version: 31-07-2014
Ran by SYSTEM (administrator) on 06-01-2017 at 18:50:34
Windows 7 (X64)
Running From: F:\
Language: English (United States)
************************************************************
 
========================= Memory info ====================== 
 
Percentage of memory in use: 8%
Total physical RAM: 8162.36 MB
Available physical RAM: 7483.49 MB
Total Pagefile: 8160.51 MB
Available Pagefile: 7466.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.92 MB
 
======================= Partitions =========================
 
1 Drive c: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:931.17 GB) (Free:70.12 GB) NTFS
3 Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
4 Drive f: () (Removable) (Total:7.45 GB) (Free:6.89 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          931 GB      0 B         
  Disk 1    Online         7632 MB      0 B         
 
Partitions of Disk 0:
===============
 
Disk ID: A0B598EC
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            350 MB  1024 KB
  Partition 2    Primary            931 GB   351 MB
 
======================================================================================================
 
Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   System Rese  NTFS   Partition    350 MB  Healthy            
 
======================================================================================================
 
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D                NTFS   Partition    931 GB  Healthy            
 
======================================================================================================
 
Partitions of Disk 1:
===============
 
Disk ID: 00000000
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           7631 MB    16 KB
 
======================================================================================================
 
Disk: 1
Partition 1
Type  : 0B
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F                FAT32  Removable   7631 MB  Healthy            
 
======================================================================================================
============================== MBR Partition Table ==================
 
==============================
Partitions of Disk 0:
===============
Disk ID: A0B598EC
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
==============================
Partitions of Disk 1:
===============
Disk ID: 00000000
 
Partition: GPT Partition Type.
 
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
path                    \bootmgr
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
resumeobject            {bfaafacf-4a2c-11e2-a735-8cca6d32504a}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 3
 
Windows Boot Loader
-------------------
identifier              {default}
device                  partition=D:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
testsigning             No
osdevice                partition=D:
systemroot              \Windows
resumeobject            {bfaafacf-4a2c-11e2-a735-8cca6d32504a}
nx                      OptIn
 
Resume from Hibernate
---------------------
identifier              {74329acd-8ad8-11e4-ab8f-806e6f6e6963}
device                  partition=D:
path                    \$WINDOWS.~BT\Windows\system32\winresume.exe
description             Windows Setup
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=D:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Resume from Hibernate
---------------------
identifier              {bfaafacf-4a2c-11e2-a735-8cca6d32504a}
device                  partition=D:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=D:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
 
****** End Of Log ****** 


#13 JSntgRvr


Posted 06 January 2017 - 07:01 PM

From an Off position, start the computer and bring it to the Command Prompt.
 
Let's run the following commands at the prompt:
 
CHKDSK D: /R
 
This will check the integrity of the disk. Once finished, run the following command (use the right syntax):

sfc /scannow /offbootdir=c:\ /offwindir=d:\windows

Let me know the outcome.

Edited by JSntgRvr, 06 January 2017 - 07:24 PM.

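The drive letters in the offline sfc command of post #13 come from the ListParts log in post #12: in that Recovery Environment session the partition with the boot components is C: and the Windows volume is D:, which differs from the letters in the earlier FRST log. As an added example (not part of the thread and not code from ListParts or FRST), this Python reads a log of that shape and derives the command, refusing to guess when the partition list and the BCD disagree. The function names and the trimmed sample log are constructed for illustration.

```python
import re

# Constructed excerpt shaped like the ListParts log in post #12 (not the full log).
SAMPLE_LOG = r"""
1 Drive c: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:931.17 GB) (Free:70.12 GB) NTFS

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
default                 {default}

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=D:
osdevice                partition=D:
systemroot              \Windows
"""

def parse_bcd(log):
    """Return {identifier: {element: value}} for every BCD entry in the log."""
    entries, current = {}, None
    lines = log.splitlines()
    for i, line in enumerate(lines):
        underlined = i + 1 < len(lines) and re.fullmatch(r"-{3,}", lines[i + 1].strip())
        if line.strip() and underlined:          # entry title, e.g. "Windows Boot Loader"
            current = {}
            continue
        m = re.match(r"(\w+)\s{2,}(\S.*)$", line)
        if current is not None and m:
            current[m.group(1)] = m.group(2).strip()
            if m.group(1) == "identifier":
                entries[m.group(2).strip()] = current
    return entries

def drive_letter(device):
    """'partition=D:' -> 'd:'; refuse volumes that have no letter in this session."""
    m = re.fullmatch(r"partition=([A-Za-z]:)", device)
    if not m:
        raise ValueError("no drive letter for %r" % device)
    return m.group(1).lower()

def offline_sfc_command(log):
    bcd = parse_bcd(log)
    loader = bcd[bcd["{bootmgr}"]["default"]]    # the entry booted by default
    boot = drive_letter(bcd["{bootmgr}"]["device"])
    marked = re.search(r"^\d+ Drive (\w): .*boot components", log, re.M)
    if marked and marked.group(1).lower() + ":" != boot:
        raise ValueError("partition list and BCD disagree on the boot drive")
    windir = drive_letter(loader["osdevice"]) + loader["systemroot"].lower()
    return "sfc /scannow /offbootdir=%s\\ /offwindir=%s" % (boot, windir)
```

The letters are only valid for the session in which the log was captured, so the log and the sfc run should come from the same Recovery Environment boot.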


#14 JSntgRvr


Posted 06 January 2017 - 07:06 PM

Which Operating System is in the Computer you are using to communicate with us?




#15 Huutch


Posted 07 January 2017 - 04:08 AM

The computer works now. I entered the setup utility by pressing F2, changing the SATA from IDE to AHCI, and it booted! However on booting, it's saying system error, "The program can't start because USER32.dll is missing from the computer." I ran sfc /scannow /offbootdir=c:\ /offwindir=d:\windows

 

It says it found corrupt files but was unable to fix some of them.


Edited by Huutch, 07 January 2017 - 04:30 AM.




